Skip to main content

Pnp4Nagios

6 CVEs product

Monthly

CVE-2023-38350 MEDIUM POC This Month

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnp4Nagios
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38349 HIGH This Week

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pnp4Nagios
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-16834 HIGH PATCH This Week

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Pnp4Nagios
NVD GitHub
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-4908 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Pnp4Nagios
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-4907 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Monitor Pnp4Nagios
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-3457 LOW Monitor

PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pnp4Nagios
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnp4Nagios
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pnp4Nagios
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an unprivileged account but root code execution depends on these files, which allows local users to gain privileges by leveraging. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Pnp4Nagios
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Pnp4Nagios
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Monitor +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pnp4Nagios
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy